Recently, we have detected a DDOS attack from
Based on the source port number, this likely indicates an open DNS resolver on your network. Open resolvers are very commonly abused to conduct DDOS attacks. Please see or for more information.
We would ask that you either limit access to this resolver to prevent it from being abused, or implement one of the patches described on or . If you are not sure how to do this, we have some instructions available at
You can confirm this host is vulnerable by running the following command:
If you see a valid response, this is proof that the machine is vulnerable and actively being used to conduct DDOS attacks. Please note that it's possible this machine has rate limits to help prevent abuse. We're unable to confirm if that's the case, but we can tell you with certainty this machine has been involved in an attack against us.
Our detection systems automatically merge duplicate log entries, however we have the following records:
[2014-12-15 11:52:36 GMT] IP > UDP, length 132743168, packets 32768
If you have any questions about this report, please let us know:
The recipient address of this report was provided by the Abuse Contact DB by does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact directly via email ( Information about the Abuse Contact Database can be found here: is neither responsible nor liable for the content or accuracy of this message.

The user in question was still signed in to one of our public IPs he is apparently infected with malware. We have added a firewall rule to mitigate anymore potential damage caused by his infection and will contact him with a link to this ticket.

Also Read

Brute Force Attempt
Dear Client, We have received the below abuse message regarding your services. Please deal with...
California - 106 Notices of Claimed Infringements
They sent 106 notices of infringmnet instead of 1 notice. Here is a compiliation of...
DoS attack from the LiquidVPN Network
Dear Provider I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to...
NJ Port Scanning
We have blocked someone from your IP space for abuse. Reason: Port Scanning. Log lines are below....
Request to Help Block DDoS Attacks
Hi,at our ecommerce we are experiencing a lot of traffic coming from various ip that belongs to...